Security Assessment Agreement Outsourcing
My work as security engineer for Schuberg Philis often requires me to deal with the following situation. A customer of our requires us to facilitate a security assessment or the infrastructure we manage on their behalf.
More of often then not, the contractual agreements between assessor and client and client and service provider together with a “third party waivers” or similar documents do not cover everything that the three parties want to commonly agree upon. After reviewing quite a number of these documents, I decided to write a template agreement (which can be downloaded below) for exactly this situation. This document is not a replacement for the agreement between the client and the assessor, but as an additional agreement between all three parties.
Madison Gurkha and ITsec have both reviewed and contributed to this agreement and we will use it in our future dealings.
The agreement covers the following topics.